7.1
CVE-2023-28071
- EPSS 0.04%
- Published 23.06.2023 11:15:09
- Last modified 21.11.2024 07:54:20
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).
Data is provided by the National Vulnerability Database (NVD)
Dell ≫ Alienware Update Version < 4.9.0
Dell ≫ Alienware Update Version4.9.0 Updatea01
Dell ≫ Command Update Version < 4.9.0
Dell ≫ Command Update Version4.9.0 Updatea01
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.126 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
| security_alert@emc.com | 6.3 | 1 | 5.2 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
|
CWE-1386 Insecure Operation on Windows Junction / Mount Point
The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.